
class BaseScope:
    # 添加指定权限
    allow_api = []
    # 模块化添加权限
    allow_module = []
    # 排除权限
    forbidden = []

    def __add__(self, other):
        self.allow_api = self.allow_api + other.allow_api
        self.allow_api = list(set(self.allow_api))

        self.allow_module = self.allow_module + other.allow_module
        self.allow_module = list(set(self.allow_module))

        self.forbidden = self.forbidden + other.forbidden
        self.forbidden = list(set(self.forbidden))
        return self

class AdminScope(BaseScope):
    allow_api = ['v1.user+super_get_user', 'v1.user+super_delete_user']

    # allow_module = ['v1.user']

    def __init__(self):
        self + UserScope()

class UserScope(BaseScope):
    allow_api = ['v1.user+get_user', 'v1.user+delete_user']

class SuperScope(BaseScope):
    # 配置支持单个接口的权限访问
    allow_api = []
    # 配置支持模块级别的权限访问
    # allow_module = ['v1.user']

    def __init__(self):
        pass

SuperScope()

AdminScope()

def is_in_scope(scope, endpoint):
    # 通过使用globals将字符串转换成当前模块下的某个类
    splits = endpoint.split('+')
    red_name = splits[0]
    gl = globals()[scope]()
    if endpoint in gl.forbidden:
        return False
    if red_name in gl.allow_module:
        return True
    if endpoint in gl.allow_api:
        return True
    else:
        return False
